Installer contains virus according to Windows Defender

[icke_qps]

Hi!
I just ran into this issue while testing an installer on a Virtual Machine and noticed a similar topic here:
viewtopic.php?f=2&t=51330#p130235

The difference here is that my installer is digitally signed:

codesigned.png (221.85 KiB) Viewed 12722 times

If I try to install I get this message:

virus 1.png (50.61 KiB) Viewed 12722 times

And when I open the details in Windows Defender, this is shown:

defender.png (37.99 KiB) Viewed 12722 times

Can you help me out with this?
Best regards,

Peter

[wingers]

I had same issue - have submitted it to Microsoft Security Intelligence as a false detection and am awaiting a response

[Catalin]

Hello Peter, Darren,

@Darren,

Thank you for your followup on this and for contributing to our forums.

@Peter,

As Darren also mentioned, this is a false positive:

False Positive Virus Detection

Unfortunately, the only thing left to do here is to submit the setup for whitelisting to Microsoft.

This is something we do every month before each release as well - we actually had some detections from Microsoft Defender and we have submitted the files for false positive and everything turned out to be ok afterwards.

Now, a few days later, it looks like the setups are detected, which is quite strange.

Could you please also submit the file for whitelisting and let me know how that goes?

Best regards,
Catalin

[icke_qps]

Hi Catalin,

I have tried the same installation once more, after running all Windows updates on this VM, and now the problem is gone!

Thank you and @Darren as well for you response!

Best regards,

Peter

[Catalin]

Hello Peter,

Thank you for your followup on this!

I am glad everything is working as expected now.

Best regards,
Catalin

[davidjhomer]

The issue is back in AdvancedInstaller 21.0.1.

• Our installer is digitally signed with a third party code signing certificate

• The issue is new in the latest release

• Only one of our installers is affected

• We are seeing the issue on 2 x Windows Server 2022 machines

• The machines have had the latest Windows Updates and Windows Defender signature files applied

SOLUTION: Roll back to a previous version of AdvancedInstaller.

[Catalin]

Hello David,

Please note I have already answered your other forum thread.

Best regards,
Catalin

[xsensordev]

Windows Defender aggressively quarantines any installers built with version 21.1. I rolled back to 20.9 and Defender is now happy again.

Its so delicious to watch the Advanced Installer team try to make it a problem of their customers. AI changes a version and it results in a new signature which is then condemned by Microsoft Defender ... and somehow its the AI customers that are supposed to deal with it.

Starting to look for alternatives to this nonsense.

[Catalin]

Hello,

First of all, I am really sorry for the inconvenience you are facing.

We understand your concern about false positives, and we appreciate your feedback.

Please note that we do report false positives, but occasionally, they may surface after a release. We're committed to minimizing such occurrences, despite it being really hard lately due to the aggresivness of the algorithms - we can literally submit a file for whitelisting, it gets whitelisted next day and two days after it's flagged again.

We definitely do not blame our customers (and never will), but your assitance in resolving these issues by submitting reports for false positives really help. Your cooperation is invaluable in helping us enhance our system's accuracy and reliability.

Thank you for your understanding and support!

Best regards,
Catalin